After a user reports stow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package. The systems administrator reviews the output below: c:\Windows\system32>netstat -nab Active Connections Proto Local Address Foreign Address state TCP 0.0.0.0:135 0.0.0.0:0 LISTENING Rpcss| [svchost.exe] TCP 0.0.0.0:445 0.0.0.0:0 LISTENING [svchost.exe] TCP 192.168.1.10:5000 10.37.213.20 ESTABLISHED winserver.exe UDP 192.168.1.10:1900 *.* SSDPSVR Based on the above information, which of the following types of malware was installed on the user's computer?

Comp TIA Security + Certification Questions Part 1

Question : 36 of 60

Marks: +1, -0

After a user reports stow computer performance, a systems administrator detects a suspicious file, which was installed as part of a freeware software package.
The systems administrator reviews the output below: c:\Windows\system32>netstat -nab Active Connections

`Proto`	`Local Address`	`Foreign Address`	`state`
`TCP`	`0.0.0.0:135`	`0.0.0.0:0`	`LISTENING`	`Rpcss\| [svchost.exe]`
`TCP`	`0.0.0.0:445`	`0.0.0.0:0`	`LISTENING`	`[svchost.exe]`
`TCP`	`192.168.1.10:5000`	`10.37.213.20`	`ESTABLISHED`	`winserver.exe`
`UDP`	`192.168.1.10:1900`	`.`		`SSDPSVR`

Based on the above information, which of the following types of malware was installed on the user's computer?

RAT
Keylogger
Spyware
Worm
Bot

Validate

Go to Question:

Prev Question

Next Question